Ryan Barrett

April 11, 2014

How to generate a strong password that’s easy to remember

In the movies, the bad guys pound furiously on a keyboard while techno music blasts and Matrix-style code flashes across their screens.

In reality, the bad guys just run dictionary-attack tools on fast hardware that make automated guesses at your password. These tools take common words (“happy”, for example) and add simple variations (“1happy”, “happy1”, “1happy1”), betting that your password is one of them. How fast they can guess depends on where they are guessing: a login page can rate-limit them, but a stolen database of password hashes can be attacked offline at billions of guesses per second.

This technique can be very successful. That’s because many people create passwords using common words. Even if you think you’re being clever—perhaps your password is “1yppah”—it’s still based on a dictionary word, and it only has a single number. It’s a weak password.
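To see how little work that takes, here is an added example (not code from the original post) of the attack in miniature: a constructed five-word list stands in for the leaked-password lists real tools use, and each word is tried as typed, capitalised and reversed, with a single digit added in front, behind or both. The target is an unsalted SHA-256 hash of “1yppah”, an assumption standing in for whatever a breached site stored; the point is how few candidates the attacker needs, not the hash function.

```python
import hashlib

# Constructed wordlist: real attacks use lists of millions of leaked passwords.
WORDLIST = ["password", "welcome", "happy", "dragon", "monkey"]


def mangle(word):
    """Yield the base word and simple variations: capitalised, reversed,
    and each of those with a single digit in front, behind, or both."""
    bases = [word, word.capitalize(), word[::-1]]
    for base in bases:
        yield base
        for digit in "0123456789":
            yield digit + base
            yield base + digit
            yield digit + base + digit


def sha256_hex(text):
    """Unsalted SHA-256, assumed here as the stored hash format."""
    return hashlib.sha256(text.encode()).hexdigest()


def crack(target_hash, wordlist=WORDLIST):
    """Try every mangled candidate in order.
    Returns (password, guesses) on success or (None, guesses) if exhausted."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    found, tries = crack(sha256_hex("1yppah"))
    print(f"recovered {found!r} after {tries} guesses")
```

The “clever” password falls on guess 253 of 465. Salting stops the attacker from amortising one pass over many accounts, and a slow hash such as bcrypt makes each guess cost more, but neither changes the fact that a few hundred guesses is all it takes to recover a reversed dictionary word with one digit in front.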

You need a strong password

You may have heard the phrase “strong password”. Here’s what that means in practice:

No dictionary words, combinations of dictionary words, or proper names—even in reverse order

Contains at least 1 number, 1 upper case character, and 1 special character

Contains no “QWERTY key strokes” (that is, characters in the order they appear on the keyboard)
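The three rules above can be checked mechanically. The following is an added example, not code from the original post: it implements each rule as a function, using a constructed seven-word list as a stand-in for the multi-million-entry wordlists real cracking tools use, and flags any three characters that walk along a keyboard row in either direction. The wordlist, the keyboard rows and the three-character run length are assumptions of this example.

```python
import string

# Constructed wordlist standing in for a real leaked-password list.
COMMON_WORDS = ["happy", "password", "welcome", "dragon", "monkey", "letmein", "sunshine"]

# Physical rows of a US QWERTY keyboard (assumed layout).
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def dictionary_hits(password, wordlist=COMMON_WORDS):
    """Return wordlist entries found inside the password, forwards or reversed."""
    lowered = password.lower()
    hits = []
    for word in wordlist:
        if word in lowered:
            hits.append(word)
        elif word[::-1] in lowered:
            hits.append(word + " (reversed)")
    return hits


def missing_classes(password):
    """Return the names of the required character classes that are absent."""
    present = {
        "digit": any(c.isdigit() for c in password),
        "upper": any(c.isupper() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in present.items() if not ok]


def keyboard_runs(password, min_run=3):
    """Return substrings of min_run adjacent keys typed along a row,
    left-to-right or right-to-left, that appear in the password."""
    lowered = password.lower()
    runs = []
    for row in KEYBOARD_ROWS:
        for direction in (row, row[::-1]):
            for start in range(len(direction) - min_run + 1):
                chunk = direction[start:start + min_run]
                if chunk in lowered:
                    runs.append(chunk)
    return runs


def check_password(password):
    """Return a list of rule violations; an empty list means all three rules hold."""
    problems = []
    for hit in dictionary_hits(password):
        problems.append(f"contains dictionary word: {hit}")
    for cls in missing_classes(password):
        problems.append(f"missing {cls}")
    for run in keyboard_runs(password):
        problems.append(f"keyboard sequence: {run}")
    return problems


if __name__ == "__main__":
    for candidate in ("1yppah", "60KbhcI!Fowfe", "A()*ijk3#DLKm!kjhn"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Running it on “1yppah” reports the reversed dictionary word and the two missing character classes, and the Method 1 password “60KbhcI!Fowfe” later on this page passes all three checks. It also flags the Method 3 sample “A()*ijk3#DLKm!kjhn” for the sequence “kjh”, three adjacent keys on the middle row typed right to left: fingers drift along the keys more than we notice, which is one reason to generate random passwords with software rather than by mashing the keyboard.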

This sounds complicated. Here are three methods that make strong passwords easy.

Method 1: Phrase transformation

Think of a phrase that means something to you: something easy for you to remember but hard for anyone else to guess. For example, I’m thinking of this phrase:

To turn this into a password, take the first letter of every word, keeping any numbers and punctuation as they appear in the phrase. Like so:

60KbhcI!Fowfe

As easy as this is to remember, it will not turn up in any attacker’s wordlist: it is 13 characters long, mixes upper and lower case with digits and a symbol, and contains no dictionary word.

Method 2: Add some math

For further security, we can turn our easy-to-remember phrase into a mathematical expression, which works digits and operator symbols into the password naturally. For example, I’ll reword the phrase above to read like a math problem:

Method 3: Mash the keyboard

The best password is long and random. One way to get one is to hit random keys while pressing and releasing the shift key, but be aware that human “random” typing is far from uniform: fingers favour the home row and drift along it, so a password manager’s generator, which draws from a cryptographic random number generator, is the better source.

A()*ijk3#DLKm!kjhn

Now, we’ll never remember that in a million years. These kinds of passwords are best used when you have a password management tool to store the passwords for you. (Shameless plug: you can use Intermedia AppID, which offers single sign-on capabilities, to remember all your passwords.)

A password management tool keeps passwords safely encrypted when they’re stored as well as when in transit. You can create strong unique passwords for every web app you use, without having to remember any of them. The weak link—our brain’s ability to remember it—is eliminated from the equation.

The bottom line on passwords

Longer passwords are always better: every extra character multiplies the number of possibilities an attacker has to try. People have traditionally used 8-character passwords, but many services now support 14 characters or more, and you should use that room.

A hacker could in principle try every possible password with a brute-force tool, but for a long random password that would take thousands of years of computing time even on fast hardware. Chances are, they’ll pick an easier target, which is exactly what you want them to do.
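Method 3 and the arithmetic behind “thousands of years” can both be made concrete. The following is an added example, not code from the original post: it draws each character from the operating system’s cryptographic random number generator instead of from the keyboard, and it computes the entropy and worst-case exhaustive-search time for 8- and 14-character passwords. The 94-character alphabet (printable ASCII without spaces) and the guess rate of ten billion per second are assumptions of the example; the rate is a round figure for offline cracking of a fast unsalted hash, and the real number depends on the hash function and the attacker’s hardware.

```python
import math
import secrets
import string

# Printable ASCII without whitespace: 94 characters, the same pool a
# keyboard mash draws from (assumed alphabet).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=14, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG, re-drawing the
    whole candidate until it contains at least one digit, one upper-case
    letter and one special character. Rejection sampling keeps the result
    uniform over the passwords that satisfy the rule."""
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.isdigit() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Worst-case time to try every password of this length at the given rate."""
    keyspace = alphabet_size ** length
    seconds = keyspace / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Assumed rate: ten billion guesses per second (offline, fast unsalted hash).
    RATE = 10 ** 10
    for n in (8, 14):
        print(f"{n} chars: {entropy_bits(n):.1f} bits, "
              f"exhaustive search {years_to_exhaust(n, RATE):.2g} years")
    print("generated:", generate_password())
```

At that rate an 8-character password of this kind falls in about a week, while a 14-character one needs on the order of ten billion years, which is why the extra length matters more than any clever substitution. The generator’s re-draw loop enforces the character-class rule without biasing which conforming password you get.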

One more thing: Don’t get complacent. If a service you use reports a breach, or you have any reason to think a password was exposed, replace it outright. Don’t just tweak it: bumping a trailing digit or adding a number is exactly the variation the dictionary tools try first.

Some further reading: Security consultant Mark Burnett has studied, researched and written a lot about BAD passwords. He’s compiled a list of the 10,000 most common passwords—which, supposedly, represent 99.8% of all user passwords. If any of these look familiar, you should make some changes immediately.

Want more of Intermedia’s perspective on security? Watch our webinar: Security with Hosted Exchange: What You Need to Know Now.